Package Lost Case Analysis of MPLS VPN on E1

 

Package Lost Case Analysis of MPLS VPN on E1

 

 

Keywords：NE16; Package Lost;MPLS VPN

1. Case Backgroud：

The Softwares fail to communicate between Xi'an and LingWu, the server of Xi'an sending "Request" to LingWu, there only has seldom "Reply" could be received by Xi'an's server, and the probability is only 10%. Were the "Request" or "Reply" packages losted by the MPLS VPN tunnel ?

2. Topology：

As figure 1 shows below: The NE16 of Xi'an and LingWu were connected by E1. The server of Xi'an with double netcards communicate with the Linux server of LinWu through MPLS VPN tunnel which was set up by the  NE16 .

                          Figure 1 – Topology of Xi'an and LingWu

3. Solution Steps：

3.1 Methods：

Plan 1：Observe the total package numbers of the servers. This is not a best and easy way to resolve this problem.

Plan 2：Counting the package passing through the interface of NE16 to determine whether there is package lost. In detail: Comparing the ingress number of Xi'an with the egress of LingWu in both VPN interfaces, If the number of each other is equal, we can conclude that there is no package lost, otherwise, there maybe package lost.

3.2 Technical Difficulty：

We could not use package capture tools to get the statistics of the ingress and egress packages directly. Therefore, we mark different package with different "color"，in this way, we could count how many package were sended or received。

3.3 Testing：

Step 1：Analysis the feature of the business between the servers of Xi'an and LingWu. The server of Xi'an has two netcards which communicate with the netcard of the server in LinWu, which only has one netcard. The ip address of both sides show below：

	IP address
Server of Xi'an	10.60.3.101
	10.60.3.102
Server of LinWu	10.64.95.2

   To help us counting the receiving and sending package number, We defined acl rules to separate the package of these two servers from others：

 acl number 3001

     rule 5 permit ip vpn-instance vpn-rt source 10.60.3.101 0 destination 10.64.95.2 0

     rule 10 permit ip vpn-instance vpn-rt source 10.60.3.102 0 destination 10.64.95.2 0

 Step 2: Using the commands below to modify the package's mpls-exp value to 3 according to acl 3001, then we can measure the number of these package：

//Define class remark

[7.25]traffic classifier remark

//If match acl 3001

[7.25-classifier-remark]if-match acl 3001

//Define flow behavior remark

[7.25]traffic behavior remark

//Modify the MPLS's  EXP fields to 3（default are 4 or 6）

[7.25-behavior-remark]remark mpls-exp 3

//bingding class and behavior

[7.25]traffic policy remark

[7.25-trafficpolicy-remark]classifier remark behavior remark

//Apply policy on interface

[7.25]int Ethernet 5/1/0.901

[7.25-Ethernet5/1/0.901]traffic-policy remark inbound 

 

[7.25]traffic classifier  exp3

[7.25-classifier-exp3]if-match mpls-exp 3

[7.25]traffic behavior exp3

//Incriease width of ef queue from 200 to 1400, in case the burst flow

[7.25-behavior-exp3]queue ef bandwidth 1400

[7.25]traffic policy p_vpn_rt

[7.25-trafficpolicy-p_vpn_rt]classifier  exp3  behavior exp3

       Step 3：

After configed the command above, Using command:

display traffic policy interface Ethernet 5/1/0.901 //Ingress interface of Xi'an Node

display traffic policy interface Serial 5/0/3:0    //Egress interface of Xi'an Node

Checking the number of marked data continuously, if the result of these two interfaces are equal, that means there is no package lost.

On inside, we mainly check the interface Ethernet 5/1/0.901 value below：

Classifier: remark

     Matched : 824/36384 (Packets/Bytes)

     Operator: AND

     Rule(s) : if-match acl 3001

     Behavior: remark

      Marking:               

        Remark MPLS EXP 3               

        Remarked: 824 (Packets)

On outside, we mainly check the interface s5/0/3:0 value below：

Classifier: exp3

     Matched : 27/1314 (Packets/Bytes)

     Operator: AND

     Rule(s) : if-match mpls-exp 3

     Behavior: exp3

      Expedited Forwarding:

        Bandwidth 1300 (Kbps), CBS 32500 (Bytes)

        Matched : 0/0 (Packets/Bytes)               

        Enqueued : 0/0 (Packets/Bytes)               

        Discarded: 0/0 (Packets/Bytes)

       Step 4：

Similarly,we do the same configuration on YinChuan node：

[7.25-classifier-car]if-match mpls-exp 3

[7.25]traffic behavior car

[7.25-behavior-car]car cir 50000000 green pass red pass

[7.25]traffic policy car

[7.25-trafficpolicy-car]classifier car behavior car

Apply the policy above under these two interface:

[7.25]int Serial 5/0/0:0 

[7.25-Serial5/0/0:0]traffic-policy car inbound

//Here, pay more attention to the direction, because they are contrary

[7.25]int Serial 10/0/6:0 

[7.25-Serial10/0/6:0]traffic-policy car outbound

Also, According to Xi'an node, checking the package number of each direction continuously.

       Step 5：

              Below are part of the data we collected under 10 second interval(Part of the data). we can see from the table below that all the data increasing steady, that means the increasing number of data of Xi'an and YinChuan nearly equal:

       The total sending packages number of Xi'an：

              0 + 13 + … + 5 + 9 = 106

       The total receiving packages number of YinChuan：

              0 + 12 + … + 4 + 9 = 108

Index	Entrance of Xi'an S5/0/3:0	Increasing Package	Egress of Xi'an E5/1/0.901	Subtract of In and Out	Entrance of YinChuan S5/0/0:0	Increasing Package	Egress of YinChuan S10/0/6:0	Subtract of In and Out
1	14	0	14	0	19	0	19	0
2	27	13	27	0	31	12	31	0
3	35	8	36	1	42	11	42	0
4	47	12	47	0	55	13	55	0
5	53	6	53	0	60	5	60	0
6	59	6	59	0	66	6	66	0
7	65	6	65	0	72	6	72	0
8	70	5	70	0	77	5	78	1
9	78	8	78	0	84	7	84	0
10	83	5	83	0	90	6	90	0
11	88	5	88	0	95	5	95	0
12	98	10	98	0	104	9	104	0
13	103	5	103	0	110	6	110	0
14	106	3	106	0	114	4	114	0
15	111	5	111	0	118	4	118	0
16	120	9	120	0	127	9	127	0
合计	1157	106	1158	1	1264	108	1265	1

 

To sumup：

1.    The package number of every in and out direction of each pair interface are equal

2.   In 160 second, the increasing number of Xi'an and YinChuan are nearly equal.If we check as long as possible, the result will be equal.

4. Result：

From the analysis above, we can concluded that there has no package lost through the VPN tunnel between Xi'an and YinChuan. We must check other part of the network to find the exact reason。